- The Washington Times - Monday, June 26, 2023

North Korean hackers are overwhelmingly prioritizing cyber espionage over destructive digital attacks, according to a new analysis from cyber intelligence firm Recorded Future.

The firm found more than 70% of cyberattacks with a known purpose and attributed to North Korea since 2009 were likely conducted for information collection rather than to wipe out systems. 

North Korea’s leadership appears to be much more interested in learning about what others think of them, gathering information that can help them develop nuclear and ballistic missile technology, and stealing money to fund their regime,” Recorded Future said in a new report.

Recorded Future studied 273 cyberattacks attributed to North Korea since July 2009 and found the top five most-targeted industries in descending order are government, cryptocurrency, media, traditional finance and the defense sector. 

The cyberthreat intelligence firm said its dataset of North Korean cyberattacks tries to include any publicly reported attacks, but the actual number of digital attacks is far higher because private companies and government agencies often do not publish their research on attacks.

Recorded Future uses natural language processing, language analysis and other tools for its analysis, and relies on sources in English, Korean, Mandarin Chinese and Russian.


SEE ALSO: North Korea targets U.S. intel figures on a secret cyber hit list


“Government agencies, reporters, and NGOs with a nexus to North Korea should be more vigilant, as well as defense contractors and aerospace companies supporting U.S., South Korean, or other allied nations,” the report said.

Recorded Future’s analysis follows the revelation of North Korean hackers’ recent aggressive targeting of Americans to gain consistent access to valuable information and penetrate computer networks.

High-level current and former U.S. intelligence officials, media executives and national security scholars were in the crosshairs of North Korean hackers as part of a malicious cyber campaign reported by The Washington Times earlier this month.

The FBI, the National Security Agency and the State Department partnered with South Korean government agencies to publish an advisory this month that warned of social engineering and hacking threats posed by the North Koreans.

“Some targeted entities may discount the threat posed by these social engineering campaigns, either because they do not perceive their research and communications as sensitive in nature, or because they are not aware of how these efforts fuel the regime’s broader cyberespionage efforts,” the government agencies’ warning said. “However, as outlined in this advisory, North Korea relies heavily on intelligence gained by compromising policy analysts.”

North Korea watchers have pointed to the isolation of the regime of leader Kim Jong-un as helping to drive the malicious cyber activity. North Korea’s hacking and social engineering efforts may replace the more traditional work of diplomats and intelligence officers of other countries, according to Stimson Center senior fellow Jenny Town.

“They don’t have an embassy here, they don’t have diplomats and intelligence officers that can just run around and act like real diplomats and intelligence officers,” Ms. Town said on a podcast hosted by cybersecurity firm Mandiant in March. “And so this is their version of doing that, of trying to really scope the landscape of how Washington thinks about, how the policy community is thinking about these issues and what that might mean in terms of U.S. reaction, South Korean reactions and other stakeholders.”

The U.S. agencies’ June advisory warning of North Korean hackers directs people who believe they may have been targeted to contact the FBI’s Internet Crime Complaint Center.

Recorded Future’s report said potential victims should take preventive steps such as compartmentalizing sensitive data, keeping software updated and having a well-thought-out incident response and communications plan, among other things.

• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.

Copyright © 2024 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.